The websites of the New York Times and Twitter were targeted by hackers on Tuesday afternoon, August 27. On Wednesday, the New York Times site was still suffering problems related to the DNS attack.
The popular newspaper and social network’s domain name details were maliciously edited by the Syrian Electronic Army (SEA), who claimed responsibility for the attack. The attacked domains were both managed by hosting company Melbourne IT, which blamed the breach on a reseller – a third party that sells domains through the company’s system. According to the managed hosting company, the reseller’s log-in credentials had been obtained, and with them the SEA could enter through the “front door” and carry out the attack.
The company advised those wanting to make sure their domains were fully protected to use “additional registry lock features” and cautioned staff about sending email communications until the situation was resolved.
This isn’t the first attack against the media giant. In January, the New York Times said hackers had accessed its website and stolen the passwords of 53 employees.
As an IT firm that consults with businesses about network security, this story really caught our attention. If a business with the technical resources and expertise of the New York Times can get hacked, how can a smaller organization possibly protect itself?
The solution is fourfold:
- Don’t go it alone, work with a trusted and experienced IT partner who has the expertise to deal specifically with security issues. Don’t rely on your in-house IT team to fully secure your network, the complexity involved in making sound security decisions in today’s environment means you’d probably benefit from talking to a security expert from outside your company.
- Work with a trusted web host. Your IT partner should have relationships with vendors that have been closely vetted to ensure security, reliability and responsiveness to down-time.
- Regular penetration and vulnerability testing on your network helps identify security gaps. Continuous vulnerability assessment of an organization’s IT assets, including web applications and databases, is essential to effectively securing the infrastructure.
- Managed security services can help reduce the cost and complexity of securing your technology infrastructure.
ACE IT Solutions’ Managed Security Services, offered in partnership with IBM, offers a simple and cost-effective way to limit potential threats to your organization. Through our partnership with IBM, ACE IT Solutions leverages one of the world’s largest collections of security information to combine advanced analytic capabilities into cloud-based security services that can be mixed and matched according to specific needs and includes penetration testing, managed security and event management, firewall management, intrusion detection and prevention system management, managed protection services, unified threat management, hosted security event and log management, hosted vulnerability management.
Our robust cloud-based, fully-managed security solution can help your business address data security issues, reduce capital and operational costs, better manage regulatory compliance and improve employee productivity.
Contact the security experts at ACE IT Solutions at 646-558-5575 for a security assessment and more information on how your organization can protect itself against hacker attacks.